Wednesday, 20 February 2013

Junos : The Junos Pulse 4.0R1 (Build 32327) Software Release Notification



Products Affected SRX, SA, UAC, App Accel
Platforms Affected
  • Junos Pulse
  • UAC OS 4.x
  • SRX-series
  • IC-series
  • WX Platforms
  • MAG Series
  • JWOS 6.x
  • NetScreen SSL VPN
  • Virtual Appliance (VA)
  • IVE OS 7.x
    • Revision Number 1
    Issue Date 2013-02-19

    SRN Description :
    This bulletin announces the official release of Junos Pulse 4.0R1 (Build 32327).
    Junos Pulse software release 4.0R1 is a general access release.
    at No comments:

    Monday, 18 February 2013

    Junos : 2013-02 Network Management, Identity and Policy Control Security Advisories Released

    Title 2013-02 Network Management, Identity and Policy Control Security Advisories Released
    Products Affected Junos Space
    Platforms Affected
  • Security
  • Junos Space
  • SIRT Security Advisory
    • Revision Number 2
    Issue Date 2013-02-13

    PSN Issue :
    A new Network Management security advisory bundle has been released. This message contains the link(s) to the new PSN advisories that have been released.
    In the interest of speeding the delivery process for SIRT Security Announcements, the Juniper SIRT has implemented a small process change. When the Juniper SIRT publishes Security Advisories and/or Security Notices, a single master PSN (this PSN) will be pushed to subscribed customers which briefly lists the IDs, descriptions, and links for all of the individual Security Announcements being released together on that day.


    Solution: Please see the following links for more information about the new security advisories:
    1. PSN-2013-02-846 Multiple Apache HTTP server vulnerabilities fixed in Junos Space
      http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2013-02-846

    at No comments:

    Saturday, 16 February 2013

    Juniper : Software Defined Networking

    Juniper Networks Introduces Its Vision, Strategy & Licensing Model for Software-Defined
    Networks

    Juniper Networks has introduced a comprehensive vision in the industry to transition
    enterprises and service providers from  traditional network infrastructures to software-defined
    networks (SDN).

    Juniper's SDN strategy  will enable your clients to accelerate the design and delivery
    of new  services, lower the cost of network operation, and provide a clear path
     to implementation.

    This SDN strategy is rooted in six principles that directly address  the most pressing
    networking challenges facing the industry today:

    1. Cleanly separate networking software into four  layers (or planes) -- management,
    services, control and forwarding --  providing the architectural underpinning to
     optimize each plane within  the network.
    2. Centralize the appropriate aspects of the management, services and control software
    to simplify network design and lower operating costs.
    3. Use the cloud for elastic scale and flexible  deployment, enabling usage-based
    pricing to reduce time-to-service and  correlate cost based on value.
    4. Create a platform for network applications, services and integration into management
    systems, enabling new business solutions.
    5. Standardize protocols for interoperable, heterogeneous support across vendors,
    providing choice and lowering cost.
    6. Broadly apply SDN principles to all  networking and network services including
    security from the data center  and enterprise campus to the mobile and wireline
    networks used by  service providers.
    at No comments:

    Thursday, 7 February 2013

    Junos : Configuration Rollback

    Overview

    After you commit a configuration, it becomes the active configuration. For SRX Series devices running Junos Release 10.0 or later, 5 previous versions of commited configurations are saved, in addition to the active configuration. You can also create one rescue configuration, which allows you to have a known working configuration that you can roll back to at any time.

    You can make one of the previous configurations or the rescue configuration the active configuration by using the rollback command.


    J-Web Configuration

    Reviewing Configurations Available for Rollback

    To review the configurations available for rollback:
    1. Select Maintain>Config Management>History. All configurations available for rollback are listed.

    Comparing the Active Configuration to a Previous Configuration

    To compare the active configuration to a previous configuration:
    1. Select Maintain>Config Management>History. All configurations available for rollback are listed.
    2. To compare configurations, select the check box for two configurations, and click Compare. The differences between the configurations are listed.

    Rolling Back to a Previous Configuration

    To roll back to a previous configuration:
    1. Select Maintain>Config Management>History. All configurations available for rollback are listed.
    2. Click the Rollback link for the configuration for which you want to rollback.
    3. Click Commit to activate the configuration.

    Creating and Rolling Back to a Rescue Configuration

    A rescue configuration allows you to define a known working configuration or a configuration with a known state that you can roll back to at any time. This alleviates the necessity of having to remember the rollback number with the rollback command. You use the rescue configuration when you need to roll back to a known configuration or as a last resort if your router configuration and the backup configuration files become damaged beyond repair.

    To create a rescue configuration:
    1. Select Maintain>Config Management>Rescue.
    2. Click the Set rescue configuration link.
    3. When prompted to confirm creating the rescue configuration, click OK.
    at No comments:

    Monday, 4 February 2013

    Junos : Out-of-Cycle Security Bulletin: Junos: Crafted TCP packet can lead to kernel crash

    Products Affected This issue can affect any device running Junos OS 7.6R1 or later configured with open TCP ports (eg. telnet, SSH, BGP, etc.) allowing incoming TCP connections to reach the RE.
    Platforms Affected
  • JUNOS 12.x
  • Security
  • JUNOS 11.x
  • JUNOS 10.x
  • SIRT Security Advisory
    • Revision Number 3
    Issue Date 2013-01-30

    PSN Issue :
    The Junos kernel may crash when a specifically crafted TCP packet is received by the Routing Engine (RE) on a listening TCP port. TCP traffic traversing the device will not trigger this crash. Only TCP packets destined to the device itself, successfully reaching the RE through existing edge and control plane filtering, will be able to cause the crash. This issue can be triggered by both IPv4 and IPv6 TCP packets destined to the RE.

    This issue was found during internal product security testing.

    The Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

    This issue only affects devices running Junos OS 7.6R1 and later. No other Juniper Networks products or platforms are affected by this issue.

    Solution:
    All Junos OS software releases built on or after 2013-01-17 have fixed this specific issue. Releases containing the fix specifically include: 10.4S12, 10.4R13, 11.4R6-S1, 12.1R4-S3, 12.1R5, 12.2R2-S2, 12.2R3, 12.3R1, and all subsequent releases (i.e. all releases built after 12.3R1). In addition, all JTAC Recommended Releases listed in KB21476 have been updated to include this fix.

    Customers can confirm the build date of any Junos OS release by issuing the command 'show version detail'.

    This issue is being tracked as PR 839412 and is visible on the Customer Support website.

    KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

    Workarounds
    The impact of the specially crafted TCP packet successfully making it's way to a listening port on the RE is a kernel crash and switchover (or reboot on single RE systems).

    Standard security best common practices (BCPs) can be employed, using access lists or firewall filters deployed on both the edge and control plane in combination with source address anti-spoofing, and where applicable, TTL security mechanisms to significantly reduce the risk of malicious exploit by limiting access to the device only from valid, trusted hosts. Features like uRPF and TTL Security (see sample macro below), or simply applying input firewall filters at the peering interfaces which discard traffic sourced from internal prefixes, will aid customers in protecting their network from remote attacks relying on spoofed source addresses. Note that while it's possible to use source routing to bypass uRPF, source routing is disabled by default in all recent Junos releases.

    Solution Implementation:
    How to obtain fixed software:

    Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version. In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame. For these cases, Service Releases are made available in order to be more timely. Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release. Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.
    at No comments:
    Subscribe to: Posts (Atom)
    loading...